Redirect URL is passed around as GET parameter
Bug #675867 reported by
leon.handreke
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
django-openid-auth |
New
|
Undecided
|
Unassigned |
Bug Description
Currently the login_begin view takes a URL parameter called REDIRECT_FIELD_NAME that is used to redirect somewhere after login is complete. This is not an optimal approach because this GET parameter has to be passed around from view to view multiple times. If the path of the GET parameter is ever interrupted (for example, we have a view to create a user account for a new OpenID user in our application that kicks in before the user is allowed to log in), the redirection mechanism fails.
I suggest using the session storage to store this redirection URL and middleware to redirect the user once login is complete.
If there is interest in fixing this, I can create a patch.
description: | updated |
To post a comment you must log in.
See the following bug in Snowy for our own approach to fixing this: https:/ /bugzilla. gnome.org/ show_bug. cgi?id= 633067